From: Stijn Tintel <stijn@linux-ipv6.be>
Date: Thu, 6 Jan 2022 17:52:40 +0000 (+0200)
Subject: fw4.uc: handle interface zone option
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=07579df54f38d75afea44b2a3b41a6d9af9497a1;p=project%2Ffirewall4.git

fw4.uc: handle interface zone option

With firewall3 it is possible to specify the firewall zone in interface
sections in /etc/config/network. Handle this in firewall4 as well.

Suggested-by: Jo-Philipp Wich <jo@mein.io>
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
Reviewed-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/root/usr/share/ucode/fw4.uc b/root/usr/share/ucode/fw4.uc
index bfc568e..b55ad79 100644
--- a/root/usr/share/ucode/fw4.uc
+++ b/root/usr/share/ucode/fw4.uc
@@ -378,7 +378,8 @@ return {
 			for (let ifc in ifaces.interface) {
 				let net = {
 					up: ifc.up,
-					device: ifc.l3_device
+					device: ifc.l3_device,
+					zone: ifc.data?.zone
 				};
 
 				if (type(ifc["ipv4-address"]) == "array") {
@@ -1718,9 +1719,15 @@ return {
 
 		let match_devices = [];
 		let related_subnets = [];
+		let related_ubus_networks = [];
 		let match_subnets, masq_src_subnets, masq_dest_subnets;
 
-		for (let e in to_array(zone.network)) {
+		for (let name, net in this.state.networks) {
+			if (net.zone === zone.name)
+				push(related_ubus_networks, { invert: false, device: name });
+		}
+
+		for (let e in [ ...to_array(zone.network), ...related_ubus_networks ]) {
 			if (exists(this.state.networks, e.device)) {
 				let net = this.state.networks[e.device];